About cipher block modes

Joshua Thijssen
January 01, 2012

  1. Block cipher modes
    or: what the heck are those MCRYPT_MODE_ECB,
    MCRYPT_MODE_CBC constants?
    Wednesday 25 April 12

  2. What are block cipher modes
    ‣ Modes to handle “blocks” during block
    cipher encryption / decryption.
    ‣ Work on blocks of data (8-256 byte mostly)
    instead of a continuous stream.
    ‣ Each block is en/decrypted separately.
    ‣ mcrypt_*() functions in PHP

  3. What are block cipher modes
    ‣ ECB - electronic codebook
    ‣ CBC - cipher block chaining
    ‣ CFB - cipher feedback
    ‣ (N)OFB - Output feedback

  4. Electronic Codebook (ECB)
    http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

  5. Electronic Codebook (ECB)
    ‣ ENCRYPT 10 EQUAL BLOCKS OF DATA
    // The key size does not matter
    $key = "1234567890";
    // Message is 10x the string HELLOYOU. Since each string is
    // 64 bits, every HELLOYOU will be encrypted separately.
    $message = str_repeat("HELLOYOU", 10);
    // Blowfish is a cipher that uses 64-bit blocks
    $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_ECB);
    // Display the result in hex, one 8-byte block per line
    for ($i = 0; $i != strlen($crypted); $i++) {
        printf("%02X ", ord($crypted[$i]));
        if ($i % 8 == 7) print "\n";
    }

  6. Electronic Codebook (ECB)
    ‣ RESULT IS DETERMINISTIC
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD
    3F 89 AD 58 3C C8 21 CD

  7. Electronic Codebook (ECB)
    ‣ CREATE A CORRUPT ENCRYPTED BLOCK
    // The key size does not matter
    $key = "1234567890";
    // Again: the message is an exact multiple of the block size
    $message = "1111111122222222333333334444444455555555666666667777777788888888";
    // Blowfish is a cipher that uses 64-bit blocks
    $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_ECB);
    // Let's "corrupt" a byte in the second block
    $crypted[10] = "A";
    // Decrypt, and see the results:
    $plaintext = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $crypted, MCRYPT_MODE_ECB);
    print $plaintext."\n";

  8. Electronic Codebook (ECB)
    ‣ ERRORS ARE ISOLATED IN ONE BLOCK
    11111111T#####zO333333334444444455555555666666667777777788888888

  9. Electronic Codebook (ECB)
    ‣ PARALLEL ENCRYPTION AND DECRYPTION IS POSSIBLE
    [Diagram: Blocks 1 to 9 are divided over Thread 1, Thread 2 and Thread 3, then assembled in order as Block 1 ... Block 9]

  10. Cipher Block Chaining (CBC)
    http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

  11. Cipher Block Chaining (CBC)
    ‣ ENCRYPT 10 EQUAL BLOCKS OF DATA
    // The key size does not matter
    $key = "1234567890";
    // The IV length MUST be equal to the block size of the encryption method
    $iv = "IAMWEASL";
    // Message is 10x the string HELLOYOU. Since each string is
    // 64 bits, every HELLOYOU will be encrypted separately.
    $message = str_repeat("HELLOYOU", 10);
    // Blowfish is a cipher that uses 64-bit blocks
    $crypted = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $message, MCRYPT_MODE_CBC, $iv);
    // Display the result in hex, one 8-byte block per line
    for ($i = 0; $i != strlen($crypted); $i++) {
        printf("%02X ", ord($crypted[$i]));
        if ($i % 8 == 7) print "\n";
    }

  12. Cipher Block Chaining (CBC)
    ‣ RESULT IS NON-DETERMINISTIC
    02 67 2E AA 4A EB E1 C1
    F8 DB A6 2A 66 47 22 A7
    5A 5B 7B 46 7D 68 8E E4
    B4 BE 7D F7 00 73 B0 DD
    72 71 4D 32 A9 A2 36 73
    BB 8E 42 25 49 1D 65 B6
    D9 36 F2 43 6A A9 E2 85
    E4 C0 56 CC 24 05 73 22
    52 A3 BA 85 88 5C A3 0D
    98 29 3F 87 15 76 2E 98

  13. Cipher Block Chaining (CBC)
    ‣ ERRORS ARE ISOLATED IN ONE BLOCK PLUS THE NEXT
    11111111?Թ~*IU33&333334444444455555555666666667777777788888888
    Limited error propagation.

  14. Cipher Block Chaining (CBC)
    ‣ INCORRECT IV ONLY RESULTS IN FIRST BLOCK FAILURE
    +%,#&=#322222222333333334444444455555555666666667777777788888888
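
The two CBC experiments whose output appears on slides 13 and 14, as an added example that is not part of the original deck. It assumes `openssl_encrypt()` with AES-128-CBC (16-byte blocks) in place of the deck's Blowfish, because mcrypt was removed in PHP 7.2; the key, IV and message are constructed for the demo.

```php
<?php
// Added example, not from the deck. Assumption: AES-128-CBC (16-byte blocks)
// via openssl_* stands in for the deck's Blowfish/mcrypt calls.
const CIPHER = 'aes-128-cbc';
const BLOCK  = 16;
// Raw bytes in and out, no padding: the message is a whole number of blocks.
const OPTS   = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;

$key = str_repeat('k', 16);   // constructed demo key
$iv  = 'IAMWEASLIAMWEASL';    // fixed 16-byte IV so both runs are comparable
$message = '';
foreach (range(1, 4) as $n) { // four blocks: 1111..., 2222..., 3333..., 4444...
    $message .= str_repeat((string) $n, BLOCK);
}
$crypted = openssl_encrypt($message, CIPHER, $key, OPTS, $iv);

/** Indexes (0-based) of the blocks in which $got differs from $want. */
function damagedBlocks(string $want, string $got): array
{
    $bad = [];
    foreach (str_split($want, BLOCK) as $i => $block) {
        if ($block !== substr($got, $i * BLOCK, BLOCK)) {
            $bad[] = $i;
        }
    }
    return $bad;
}

// Slide 13: flip one bit in the second ciphertext block, then decrypt.
$pos = BLOCK + 2;
$corrupt = $crypted;
$corrupt[$pos] = chr(ord($corrupt[$pos]) ^ 0x01);
$plain = openssl_decrypt($corrupt, CIPHER, $key, OPTS, $iv);
echo 'corrupted byte, damaged blocks: ', implode(',', damagedBlocks($message, $plain)), "\n";
// The block after the corrupted one is XORed with the modified ciphertext,
// so print how its byte at the same offset changed.
printf("next block, same offset, XOR difference: 0x%02X\n",
    ord($plain[$pos + BLOCK]) ^ ord($message[$pos + BLOCK]));

// Slide 14: decrypt the intact ciphertext with a wrong IV.
$plain = openssl_decrypt($crypted, CIPHER, $key, OPTS, str_repeat("\0", BLOCK));
echo 'wrong IV, damaged blocks: ', implode(',', damagedBlocks($message, $plain)), "\n";
```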

  15. Cipher Block Chaining (CBC)
    ‣ IV is not an additional secret key!
    ‣ non-deterministic, since we’re
    chaining each block
    ‣ Change IV for each message for
    optimal security for non-deterministic
    messages.

  16. Cipher feedback (CFB)
    http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

  17. Cipher feedback (CFB)
    ‣ Only needs “encryption”
    ‣ Effectively converts a block cipher
    into a stream cipher.
    ‣ No padding is needed (can be used
    on non-matching block lengths)

  18. Output feedback (OFB)
    http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

  19. Output feedback (OFB)
    ‣ Don’t use MCRYPT_MODE_OFB (8bit)
    ‣ Use MCRYPT_MODE_NOFB
    ‣ Cipher text is fed back instead of the
    output.

  20. Conclusion
    ‣ You should use MCRYPT_MODE_CBC.
    ‣ Use a randomized IV for each message
    (mcrypt_create_iv())
    ‣ You should use the correct cipher
    algorithm (DES vs AES)
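
The conclusion's recipe (CBC with a fresh random IV per message), as an added example that is not part of the original deck. It assumes `openssl_encrypt()` and `random_bytes()` in place of `mcrypt_encrypt()` and `mcrypt_create_iv()`, uses AES-256-CBC with constructed demo keys, and goes beyond the slides by adding an HMAC tag so that a corrupted ciphertext like the one on slide 13 is rejected instead of decrypted.

```php
<?php
// Added example, not from the deck. Assumptions: openssl_* and random_bytes()
// replace mcrypt; AES-256-CBC; the HMAC tag is an addition beyond the slides.
const CIPHER  = 'aes-256-cbc';
const TAG_LEN = 32; // raw HMAC-SHA256 output
function encryptMessage(string $plain, string $encKey, string $macKey): string
{
    // The IV is not a secret, but it must be fresh and random per message.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plain, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Send the IV in the clear in front of the ciphertext; authenticate both.
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

function decryptMessage(string $blob, string $encKey, string $macKey): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $ivLen + TAG_LEN) {
        throw new RuntimeException('message too short');
    }
    $body = substr($blob, 0, -TAG_LEN);
    $tag  = substr($blob, -TAG_LEN);
    // Verify before decrypting, in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        throw new RuntimeException('message was modified');
    }
    $plain = openssl_decrypt(substr($body, $ivLen), CIPHER, $encKey,
        OPENSSL_RAW_DATA, substr($body, 0, $ivLen));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

$encKey = random_bytes(32); // constructed demo keys
$macKey = random_bytes(32);
$first  = encryptMessage(str_repeat('HELLOYOU', 10), $encKey, $macKey);
$second = encryptMessage(str_repeat('HELLOYOU', 10), $encKey, $macKey);
var_dump($first === $second);              // same plaintext and key, two IVs
var_dump(decryptMessage($first, $encKey, $macKey));
$first[20] = chr(ord($first[20]) ^ 0x01);  // corrupt one ciphertext byte
try {
    decryptMessage($first, $encKey, $macKey);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```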